Locking Down the Grid

December 13, 2018

In 2015 and 2016, hackers caused massive power outages in Ukraine during one of the coldest times of the year. The December 2015 attack, which left 225,000 Ukrainians without electricity for the better part of a day, was the first known instance of a successful cyberattack on a nation’s power grid. Ukrainian officials blamed the Russian government, calling the acts a demonstration of Russia’s cyberwarfare capability. An investigation concluded that the hackers, however they were supported, had been in the system undercover for some six months.

In both attacks, the hackers targeted supervisory control and data acquisition (SCADA) systems, which use computers and networked data communications to monitor and manage machinery, such as a generator, at the substation level. The SCADA network is essentially the brain of the operation. Gain control of it, and hackers can cause all sorts of mayhem. They can destroy the system’s firmware or command the equipment to spin too fast or too slow, causing it to malfunction or shut down altogether. “This machinery has to operate at a very precise and coordinated frequency, and once it’s damaged there is no quick fix or way to reset the system,” says Yair Amir, a Johns Hopkins professor of computer science. Imagine remotely taking control of a truck and driving it off a cliff. “You can’t undo that damage. It’s game over,” he says.